summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_MASQUERADE.c
Commit message (Collapse)AuthorAgeFilesLines
* src: introduce struct xt_xlate_{mt,tg}_paramsPablo Neira Ayuso2016-07-251-4/+3
| | | | | | | | This structure is an extensible containers of parameters, so we don't need to propagate interface updates in every extension file in case we need to add new parameters in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-translate: pass ipt_entry and ip6t_entry to ->xlate()Pablo Neira Ayuso2016-03-091-1/+1
| | | | | | | The multiport match needs it, this basically leaves ->xlate() indirection with almost the same interface as ->print(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libipt_MASQUERADE: Add translation to nftShivani Bhardwaj2016-03-021-0/+24
| | | | | | | | | | | | | | | | | | Add translation for masquerade to nftables. Examples: $ sudo iptables-translate -t nat -A POSTROUTING -j MASQUERADE nft add rule ip nat POSTROUTING counter masquerade $ sudo iptables-translate -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 10 nft add rule ip nat POSTROUTING ip protocol tcp counter masquerade to :10 $ sudo iptables-translate -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 10-20 --random nft add rule ip nat POSTROUTING ip protocol tcp counter masquerade to :10-20 random Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Convert the NAT targets to use the kernel supplied nf_nat.h headerPatrick McHardy2012-09-101-16/+16
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libipt_MASQUERADE: use guided option parserJan Engelhardt2011-05-091-27/+21
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: do not print trailing whitespacesJan Engelhardt2011-01-311-6/+4
| | | | | | | | | | | | | | | | | Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove no longer necessary default: casesJan Engelhardt2011-01-081-3/+1
| | | | | | | Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-3/+4
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: MASQUERADE: fix --to-ports parserDmitry V. Levin2010-05-201-16/+16
| | | | | | | | | | | Rewrite port range validator to use xtables_strtoui() and xtables_param_act(). Original check failed to recognize such port range errors as "1a-2" and "1-2a". Also, original parser erroneously denied using port 0, which is now allowed. Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: hand argv to xtables_check_inverseJan Engelhardt2009-11-031-1/+1
| | | | | | | | | In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add const qualifiers in print/save functionsJan Engelhardt2009-05-261-6/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add missing limits.h includeJan Engelhardt2009-02-211-0/+1
| | | | | | Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* include: resynchronize headers with 2.6.29-rc5Jan Engelhardt2009-02-211-13/+13
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-211-5/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - move check_inverse to xtables.cJan Engelhardt2009-01-301-1/+1
| | | | | | | This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove inclusion of iptables.hJan Engelhardt2008-11-201-1/+1
| | | | | | | | | iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use NFPROTO_ constantsJan Engelhardt2008-11-181-1/+1
| | | | | | | | Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add SCTP/DCCP support to NAT targetsPatrick McHardy2008-11-041-1/+3
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: Update commentsJan Engelhardt2008-09-011-6/+0
| | | | | | | | A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Remove old functions, constantsJan Engelhardt2008-04-151-10/+8
|
* fix gcc warningsMax Kellermann2008-01-291-1/+1
| | | | Max Kellermann <max@duempel.org>
* Unique names 4/6Jan Engelhardt2007-10-041-21/+16
| | | | | | | | | | | Give symbols of libxt targets unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Delete empty ->final_check() functionsJan Engelhardt2007-10-041-6/+0
| | | | | | | Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Remove stray NULLsJan Engelhardt2007-10-041-1/+1
| | | | | | | Mixing member accessors (non-named vs named) is not good. Remove stray NULL. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fix sparse warnings: non-ANSI function declarations, 0 used as pointerPatrick McHardy2007-09-081-3/+3
|
* Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)Peter Riley2007-09-021-1/+1
|
* Make the option structures const.Jan Engelhardt2007-07-301-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fixes warning on compilation, part 2Yasuyuki KOZAKAI2007-07-241-3/+4
| | | | | | | | | | This changes the type of arguments as follows in multiport, DNAT, SNAT, MASQUERADE, and REDIRECT - ip[6]t_ip[6] * -> void * - ip[6]t_entry * -> void * and adds lines to cast these pointer with intended type.
* Replaces ipt_entry_* with xt_entry_* in matches/targetsYasuyuki KOZAKAI2007-07-241-4/+4
|
* Fix iptables-save with --random optionPatrick McHardy2007-04-181-1/+4
|
* Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs.Patrick McHardy2007-04-181-10/+1
|
* Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵Patrick McHardy2007-04-181-1/+1
| | | | versions.
* iptables: add random option to SNAT (Eric Leblond)Eric Leblond2007-02-241-1/+22
|
* Fix NAT of ICMP ID ranges (Patrick McHardy)Patrick McHardy2005-07-221-1/+2
|
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)Pablo Neira2005-02-141-2/+0
| | | | Fixes build with conntrack event patch for 2.6
* Pablo Neira: extensions conversion to C99 structure initializationPablo Neira2004-12-281-14/+12
| | | | (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR)
* Fix invalid port number (Yasuyuki Kozakai)Yasuyuki KOZAKAI2003-10-301-1/+1
|
* globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent ↵Harald Welte2002-05-291-2/+2
| | | | naming
* fix bug in save() function of MASQUERADE target (A. van Schie)A. van Schie2002-04-011-1/+1
|
* Fix 'iptables -p !' bug (segfault when `!' used without argument)Harald Welte2002-03-141-1/+1
|
* - added patch to support statically linking of iptablesHarald Welte2001-08-061-0/+1
| | | | - iptables-save/-restore is no longer experimental
* Aligning matchsize and targetsize now responsibility of extension writersRusty Russell2000-07-031-2/+2
| | | | (PPC fix).
* Put ports in network order.Rusty Russell2000-04-191-8/+9
|
* reorganized tree after kernel mergeMarc Boucher2000-03-201-0/+166